Question 1

Forms and PII

Accepted Answer

From our Contact Form we will capture name & email, plus your message of course. Submissions are stored within our database and email programme.

From The Art Bee Club Registration Form we capture the adult’s name, phone number, what school club the registration is for, the child’s name, year group and class name. 
Finally any other info you wish to, or not, as free text fro info like SEN, Pupil Premium etc.

We are required to register children into the club so we use the names for that and we pass the names (and possibly year group and class name) onto each school in the form of a list by email to the school offices so that they know which child to send to the club.

We also need to have emergency contact info any medical information that will be important for us to know (asthma, allergies .etc).

Date resides in spreadheets (digitally, behind sercure passwords and 2FA).
Also in CRM system/s, again secured behind secured login.

Data in the CRM system is tagged as PII and therefore is hashed storage in the database.

We do retain contact details for other business partners and prospects in our database.

And thats it…
 • We hold no ‘sensitive data’ (religious, ethnicity, financial).
 • Our only ‘mailing list’ is for the club you already joined.
 • The Art Bee Club is marketed by the schools in which we operate.

Question 2

Retention Period

Accepted Answer

We currently retain the data held as makes it easy if people want to skip a term and we already have them on file to re-join.  We also retain our email opt in list to ebable update emails about any new art bee services.

ATOR we have never used these but we plan to with a new system to inform customers about The Art Bee Workshops.

Question 3

Photographs

Accepted Answer

We may use digital photos of children in the club:
 • Occasionally for use in a project (ie, self portaits) and thse might be printe=d for use within the club.  The physical photograph will be used by that child for a specific lesson (say perspective, or self portrait as an example) and you can keep the print afterwards. It’s just been a nice way to do self portraits tied in with how to proportion a face for example.
 • We aim to only publicly post unintifiable images on social media type posts and website, print media and promotional media. 
 • Where a photo may be identifiable explicit permission will be sought.

Question 4

Data Access Request and your Right to be Forgotten

Accepted Answer

If you wish to see what data we have for you please use the Contact Form and ask for a ‘Data Access Request‘ specifying your request clearly.

Also just ask us and we can remove everything we hold for you. This is your ‘right to be forgotten‘.

Question 5

Security

Accepted Answer

• Website is SSL certified.
 • Forms are protected by Google re-Captcha.
 • Databases are behind multi factor authentication and password protected systems.

Question 6

References

Accepted Answer

Our Policy for Data Protection and GDPR is a result of research from other work projects and resources such as those linked below, if you fancy a read:

Information Commisioners Office:
https://ico.org.uk/for-organisations/data-protection-self-assessment/assessment-for-small-business-owners-and-sole-traders/ (https://ico.org.uk/for-organisations/data-protection-self-assessment/assessment-for-small-business-owners-and-sole-traders/)
(our result from the checklist was ‘Green’)

Our business insurance is via Simply Business w(https://www.simplybusiness.co.uk/)ho publish help and guides on GDPR topics.

Also the .gov website is a good resource.

Privacy Notice, Data Protection & GDPR

Privacy Notice,
Data Protection & GDPR